Generating a transition system for use with model checking

Abstract

The invention concerns model program analysis of software code using model checking. Initially, a transition system (22) and an extensible markup language (XML) (24) representation of the data is generated. Next, labels (26) for the transition system are generated by querying the XML representation of the data using (markup) query language. The labels and the structure of the transition system are then used as input to model checking techniques to analyse the software code (28). It is an advantage of the invention that the problem of labelling a transition system can be transformed into the XML domain so that detailed information about the software code can be extracted using queries in a format that can be run in the XML domain which are well known. At the same time the transformation to the XML domain does not prevent the use of efficient model checking technologies.

Description

TECHNICAL FIELD[0001]The invention concerns generating a transition system for use with model checking of data. In particular, but not limited to, the data may be software code and model checking may form part of program analysis, such as static program analysis. The invention also concerns software installed on a computer system to perform the method of the invention.BACKGROUND ART[0002]Software product development is very much driven by two objectives: short time-to-market and low development costs. However, the current best practice of software development is still expensive, time consuming, and creates unnecessary expenses which often occur in later stages of product development or even after product deployment.[0003]One of the reasons are errors or flaws in the software's source code, such as software bugs, which are both expensive and time consuming to detect. Finding such software bugs, or in turn giving an insurance of their absence, is therefore of great importance in softw...

AI Technical Summary

Benefits of technology

[0017]It is an advantage of the invention that the problem of labelling a transition system can be transformed into the XML domain so that detailed information about the data can be extracted using queries in a format that can be run in the XML domain which are well known. At the same time the transformation to the XML domain does not prevent the use of efficient model checking technologies.

[0018]The data may be source code. Static analysis of the source code may:

[0019]identify the presence or absence of a class of software bugs in the source code;

[0023]The method may be performed as the source code is being written or during compile time.

[0024]Querying the XML representation of the data comprises running a query on the XML representation of the data and the query may check for static properties of the source code, for example, location of variable and function declarations, comparisons between variables and numbers, initialisations of variables or data structures, modifications of variables or data structures and uses of various program elements such as variables, data structures, functions or numbers. Other static properties include function calls (in general or for specific functions that may deal, for example, with memory management) and control-flow statements (for example, if, switch, return, or all loop statements).

[0025]The method may comprise the initial step of generating an abstract syntax tree representation of the source code, and the steps of generating the transition system and generating the XML representation of the data may be based on the abstract syntax tree representation of the data.

Problems solved by technology

At the same time the transformation to the XML domain does not prevent the use of efficient model checking technologies.

Images